{"id":"https://openalex.org/W2103042869","doi":"https://doi.org/10.1109/iwia.2004.1288042","title":"A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table","display_name":"A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table","publication_year":2004,"publication_date":"2004-06-10","ids":{"openalex":"https://openalex.org/W2103042869","doi":"https://doi.org/10.1109/iwia.2004.1288042","mag":"2103042869"},"language":"en","primary_location":{"id":"doi:10.1109/iwia.2004.1288042","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwia.2004.1288042","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Second IEEE International Information Assurance Workshop, 2004. Proceedings.","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109636565","display_name":"J. Levine","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"J. Levine","raw_affiliation_strings":["School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068335950","display_name":"J.B. Grizzard","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. Grizzard","raw_affiliation_strings":["School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008479293","display_name":"Hywel Owen","orcid":"https://orcid.org/0000-0001-5028-2841"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"H. Owen","raw_affiliation_strings":["School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"Sch. of Electr. & Comput. Eng.,, Georgia Inst. of Technol., Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5109636565"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":1.854,"has_fulltext":false,"cited_by_count":32,"citation_normalized_percentile":{"value":0.88128455,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"107","last_page":"125"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9947322607040405},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8745635151863098},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7545984983444214},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.40677568316459656},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39593541622161865}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9947322607040405},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8745635151863098},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7545984983444214},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.40677568316459656},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39593541622161865}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iwia.2004.1288042","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwia.2004.1288042","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Second IEEE International Information Assurance Workshop, 2004. Proceedings.","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W601443012","https://openalex.org/W1524208960","https://openalex.org/W1582350176","https://openalex.org/W1967042053","https://openalex.org/W2036548030","https://openalex.org/W2111496399","https://openalex.org/W2119691727","https://openalex.org/W2409664136","https://openalex.org/W4212989468"],"related_works":["https://openalex.org/W1994712384","https://openalex.org/W1966145327","https://openalex.org/W4240186231","https://openalex.org/W2166844173","https://openalex.org/W3170525725","https://openalex.org/W3048799479","https://openalex.org/W3006507989","https://openalex.org/W2779961139","https://openalex.org/W3089468277","https://openalex.org/W2763500028"],"abstract_inverted_index":{"There":[0,65],"is":[1,85,119],"no":[2],"standardized":[3],"methodology":[4],"at":[5,69],"present":[6,70],"to":[7,19,42,58,61,71,104,123,140],"characterize":[8,20],"rootkits":[9,21],"that":[10,29,82],"compromise":[11],"the":[12,33,48,52,55,89],"security":[13,56],"of":[14,51,112,116,130,145],"computer":[15],"systems.":[16],"The":[17],"ability":[18],"will":[22],"provide":[23],"system":[24,84],"administrators":[25],"with":[26],"information":[27],"so":[28],"they":[30],"can":[31],"take":[32],"best":[34],"possible":[35],"recovery":[36],"actions":[37],"and":[38,46,133],"may":[39],"also":[40],"help":[41],"detect":[43,72,141],"additional":[44],"instances":[45],"prevent":[47],"further":[49],"installation":[50],"rootkit":[53,63,99,118,146],"allowing":[54],"community":[57],"react":[59],"faster":[60],"new":[62,138],"exploits.":[64],"are":[66],"limited":[67],"capabilities":[68,79],"rootkits,":[73],"but":[74],"in":[75,121],"most":[76],"cases":[77],"these":[78],"only":[80],"indicate":[81],"a":[83,94,113,125,128],"infected":[86],"without":[87],"identifying":[88],"specific":[90],"rootkit.":[91],"We":[92],"propose":[93,136],"mathematical":[95],"framework":[96],"for":[97],"classifying":[98],"exploits":[100],"as":[101],"existing,":[102,105],"modifications":[103],"or":[106],"entirely":[107],"new.":[108],"An":[109],"indepth":[110],"analysis":[111],"particular":[114,143],"type":[115],"kernel":[117],"conducted":[120],"order":[122],"develop":[124],"characterization.":[126],"As":[127],"result":[129],"this":[131,142],"characterization":[132],"analysis,":[134],"we":[135],"some":[137],"methods":[139],"class":[144],"exploit.":[147]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}